Create a new product profile

First create a new product profile to which you can assign custom permissions.

  1. Log into Cloud Manager at my.cloudmanager.adobe.com

  2. Select the product AEM Managed Services.

  3. Search for and instance with name matching the pattern *-cloud-manager and click to manage users and permissions.

  4. You are redirected to the Products tab of the Admin Console, where you can manage users and permissions for Cloud Manager. In the Admin Console, click New Profile.

New Profile button

  1. Provide the general details about the profile.

    • Product profile name - A descriptive name for the profile
    • Display name - An abbreviated name that is shown in the user interface (options)
    • Description - An informative description of the profile explaining its purpose (optional)
    • Notify users by email - When selected, the system notifies users by email when they are added to or removed from this profile.
  2. Click Save.

The new product profile is saved and is visible in the list of product profiles in the Admin Console.

Assign custom permissions to the new product profile

Now that you have a new product profile, you can assign custom permissions to it.

  1. In the Admin Console, click the name of the new product profile you just created.

  2. In the window that opens, select the Permissions tab to view a list of editable permissions.

    Editable permissions

  3. Click the Edit link for permission to edit it.

  4. The Edit Permissions window opens.

    • The permission you selected in the previous step is selected in the left column.
    • The permission items available for assignment for the permission are in the middle column labeled Available Permission Items.
    • The assigned permission items are in the right column labeled Included Permission Items.

    Edit permission items

  5. Click the plus (+) icon next to the permission item to add it to the column Included Permission Items. If necessary, click the i icon next to a permission item to learn more about it.

  6. At the top of the Available Permissions column, click Add all to add all permissions. Likewise, click Remove all to remove all the previously selected permissions.

  7. When you are finished defining the permission items for your new product profile, click Save.

Your new product profile is now saved with its custom permissions.

Assign users to the new product profile

You can now assign users to the new product profile you created with custom permissions.

  1. In the Admin Console, click the name of the new product profile to which you just assigned custom permissions.

  2. In the window that opens, select the Users tab.

  3. Click Add Users and assign users to your new product profile with custom permissions.

See Add users and user groups to a product profile of the document Manage product profiles for enterprise users for more details on how to use the Admin Console.

Configurable permissions

The following permissions are available for creating custom profiles.

PermissionDescription
Program AccessAllow users to access programs
Program EditAllow users to edit programs
Pipeline CreateAllow users to create new pipelines
Pipeline DeleteAllow users to delete pipelines
Pipeline EditAllow users to edit pipelines
Production Deployments Approve/RejectAllow users to approve or reject a production deployment step
Pipeline Executions CancelAllow users to cancel pipeline executions
Pipeline Executions StartAllow users to start new pipeline executions
Override/Reject Important Metric FailuresAllow users to override/reject important metric failures
Production Deployments ScheduleAllow users to schedule a production deployment step
Repository Info AccessAllow users to access repository information and generate an access password
Repository CreateAllow users to create new Git repositories
Repository DeleteAllow users to delete Git repositories
Repository EditAllow users to edit Git repositories
Repository Code GenerateAllow users to generate projects from archetype
Content Copy ManageAllow users to manage content copy operations

Organization-level permissions

Organization-level permissions are always applied across all programs within an organization.

One example of an organization-level permission in Cloud Manager is Repository Info Access. This permission lets users generate a username, password, and repository URL for accessing and contributing to customer projects. While the username and password remain consistent across all repositories in the organization, each program has a unique repository URL.

See the Source Code Repository for more information.

Terms

The following terms are used in creating and managing custom permissions and pre-defined roles.

TermDescription
Predefined PermissionsPredefined roles like Business Owner, Deployment Manager, and so on. to govern various features of Cloud Manager. For details on pre-defined roles, see Role-Based Permissions.
Custom PermissionsCloud Manager features that allow users to create permission profiles to define roles to govern supported features of Cloud Manager
Permission ProfileCreated in the Admin Console to manage configurable permissions that are applicable to users who are part of the permission profile
Configurable PermissionCloud Manager permissions can be configured in the permission profile
Permission ItemA program, environment or pipeline resource on which a permission can be applied

Permission items refer to the scope where permissions are applied. Typically, it is one of the following.

Permission Item TypeExampleDescription
Organizationorganization:companyAAll applicable resources of an organization. A resource could be a program, environment, or pipeline. If the user adds an organization for any permission, then all new resources in that organization also have that permission.
ProgramProgram AAll applicable resources of a program
EnvironmentProgram A : environmentApplicable in a specific environment
PipelineProgram A : PipelineApplicable on a specific pipeline

Limitations

Keep in mind the following limitations when using custom permissions:

  • A limited set of permissions is available for creating custom profiles.
  • Resources like program, environment, pipeline etc. created in Cloud Manager may take up two minutes to display in Admin Console for permission configuration.
  • In rare scenarios where a custom permissions service fails to respond, predefined profiles are still available and users in predefined profiles still have appropriate access.

Frequently asked questions

Which permission profiles are predefined permission profiles?

  • Business Owner
  • Program Manager
  • Deployment Manager
  • Developer

For details on pre-defined roles, see Role-Based Permissions.

What happens to predefined permission profiles with introduction to custom profiles?

Default product profiles and Cloud Manager roles continue to work the same as before.

Can I edit predefined permission profiles?

No, default profiles are non-editable. You cannot add or remove permissions to the default permission profile. You can only add or remove users from predefined profiles.

Should I delete predefined permission profiles since custom profiles are now available?

Predefined permission profiles must not be deleted from the Admin Console.

Can I add users to multiple permission profiles?

Yes, A user can be part of multiple profiles including predefined and custom permission profiles. When a user is assigned to multiple profiles, the combined permissions from all the assigned permission profiles are available to that user.